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May 31, 2004 

Final word 

This Cisco code dlsclosur^ follows on the heels of Microsoft?s source code 
disclosure earlier in the yfear. That sent a lot of administrators (not to 
mention l^icrosoft) into a nervous fit. Although no serious exploits have 
ever shown up that are related to vulnerabilities discovered in that 
Windows code, there stilljexists the possibility that something serious will 
develop. ' 

There is an ongoing debaie as to just how serious that security breach 
was but it?s clear that it \Lasn?t a high point In MicrosoftPs security 
efforts. i 

Whether or not malicious people get copies of the stolen Cisco software 
and are able to discover <erious vulnerabilities that can be widely 
exploited, the mere fact tiat confidential firmware has been disclosed 
must weigh heavily on Ci; co administrators until or unless it can be 
absolutely proven, not jui t claimed, that this doesn?t constitute a serious 
security breach. 

In the never-ending debate of open source versus proprietary software, 
when it comes to security^ one thing is abundantly clear, once proprietary 
code is exposed to attacl<brs, it becomes considerably less secure than 
open source software, where it is at least possible for administrators to 
examine the source code for themselves. One of the main security pillars 
that proprietary software relies on is its very secrecy. 
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repojled a critical vulnerability in Apple?s 
t can aflow remote code execution. The 
Apple In February 2004 and a patch is now 

ing system has yet another highly critical 
to the one reported In the MayJLZu2.Q04 
inia re po rt details the new, highly critical 
slightly iess dangerous threat, both of which 
lixlpixel to Apple on February 23, 2004; 
responded to this notification on May 20, 
ihg part to many security experts is the way 
away these vulnerabilities by saying they are 
erious as people are clalmlng?apparently based, 
□f the vulnerabilities, but simply on the fact that 
a tacking Macs. MacWorld UK recently reRorted a 
ing that would delete a user?s Home folder 
closed Mac OS X vulnerabilities. The attack is 
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disguised as a Word 2CJ04 demo. Apple criticized Intego, the discoverer 
of the Trojan threat exjploited by this malware, as overreacting and is 
currently downplaying ^he malwarePs danger by pointing out that it 
isn?t technically a viru$. That is small comfort to any Mac users who 
have had their Home folders wiped out. 

SecurityFocus reports jhat a DoS vulnerability exists when Internet 
Explorer uses the "window. createPopupO method to invoke the heep 
equiv meta tag." A siniple proof of concept has been published. 
SecurityTracker reRorts that an exploit has also been published for a 
threat to Outlook 2003, which bypasses the scripting restrictions that 
would normally protect systems. This would allow a malicious e-mail to 
execute arbitrary codejlf the e-mail message is opened. There doesn?t 
appear to be any workaround or other steps you can take to prevent 
this (obviously other tl{an not using Outlook 2003). 

I The new Lovegate wor|n uses a very tricky (probably unique) method 
to spread; certainly I?4e never run across this precise combination of 
propagation methods before. It seems that Lovegate replies to the 
unanswered e-mail thak is sitting in your MAPI-compliant (namely 
Outlook) mailbox. Klez also utilized an auto-responder but didn?t 
include the mass maillrtg feature of Lovegate, and Klez was around for 
a very long time. Auto4responder attacks are among the most 
persistent of threats. It shouldn?t be necessary to explain in detail the 
obvious dangers posedlby such a worm. These range from triggering 
massive spam attacks by confirming addresses to posing as entirely 
legitimate responses?itj?s pretty easy for most of us to spot spam when 
it comes packaged as ^ reply to a subject line message we?ve never 
sent, but how about when it looks exactly like a legit response? 
InformationWeek has 4 report on this. 

I A Secunia.Adyisory wafns of a new privilege escalation vulnerability in 
Windows 2000 and Wir^dows XP. The threat lies in desktop.ini files that 
may contain CLSID references to arbitrary executables. As of the latest 
round of Microsoft secijrlty patches, this threat hadn?t been patched. 

I New worms, in particular bobax and kibuv, are exploiting known 
Windows vulnerabilities for which patches are already published in 
Microsoft Security Bulletin MS04-011 . Both appear to be causing heavy 
traffic on TCP port 5000 (Universal plug-n-play) and are trying to take 
over computers in ordqr to spread spam. 
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